Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 20-05-2024 10:39
Static task: static1
Behavioral task behavioral1: Sample 5ea3b72de6c5095693390b3199ce3bb0_JaffaCakes118.exe, Resource win7-20240221-en
Behavioral task behavioral2: Sample 5ea3b72de6c5095693390b3199ce3bb0_JaffaCakes118.exe, Resource win10v2004-20240508-en
Behavioral task behavioral3: Sample $PLUGINSDIR/StartMenu.dll, Resource win7-20240221-en
Behavioral task behavioral4: Sample $PLUGINSDIR/StartMenu.dll, Resource win10v2004-20240426-en
Behavioral task behavioral5: Sample $PLUGINSDIR/System.dll, Resource win7-20240419-en
Behavioral task behavioral6: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20240508-en
Behavioral task behavioral7: Sample $PLUGINSDIR/nsDialogs.dll, Resource win7-20240220-en
Behavioral task behavioral8: Sample $PLUGINSDIR/nsDialogs.dll, Resource win10v2004-20240426-en
Behavioral task behavioral9: Sample FancyZoom.js, Resource win7-20240508-en
Behavioral task behavioral10: Sample FancyZoom.js, Resource win10v2004-20240426-en
Behavioral task behavioral11: Sample about.html, Resource win7-20240508-en
Behavioral task behavioral12: Sample about.html, Resource win10v2004-20240508-en
Behavioral task behavioral13: Sample blogid=321536463764.html, Resource win7-20240221-en
Behavioral task behavioral14: Sample blogid=321536463764.html, Resource win10v2004-20240508-en
Behavioral task behavioral15: Sample contact-us.js, Resource win7-20240221-en
Behavioral task behavioral16: Sample contact-us.js, Resource win10v2004-20240508-en
Behavioral task behavioral17: Sample de.html, Resource win7-20240221-en
Behavioral task behavioral18: Sample de.html, Resource win10v2004-20240426-en
Behavioral task behavioral19: Sample jquery.meanmenu.js, Resource win7-20240508-en
Behavioral task behavioral20: Sample jquery.meanmenu.js, Resource win10v2004-20240426-en
Behavioral task behavioral21: Sample uninstall.exe, Resource win7-20240508-en
Behavioral task behavioral22: Sample uninstall.exe, Resource win10v2004-20240426-en
General
Target: about.html
Size: 18KB
MD5: f5fbd3d88fc67fa0298b94bf84d59656
SHA1: 18e7edc38c1001b269c10244c75f2f81a4089b47
SHA256: fd220aea1c6989fb0cdbe593c1a8710de1157e7da58e58958d938f390d86ebc3
SHA512: b3eef24a0890c6bc0809a57342fcc5d5c746a66848833ca908f8a650266fc49b34d1efe844cb647aaeba81067ed22484a82831efdab8ecd8e7348f0d74c751cb
SSDEEP: 192:Pnp13pD2CY7gNHsdt9zHjlnvX0P3XPc1zBkxjFJeOCCnd5Vio:lBY7XPzO/KlkzAOCyoo
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
pid 4776, process msedge.exe
pid 3892, process msedge.exe
pid 1044, process identity_helper.exe
pid 5032, process msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
pid 3892, process msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
pid 3892, process msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
pid 3892, process msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
PID 3892 wrote to memory of 1800 (pid 3892, process msedge.exe, target process msedge.exe)
PID 3892 wrote to memory of 2292 (pid 3892, process msedge.exe, target process msedge.exe)
PID 3892 wrote to memory of 4776 (pid 3892, process msedge.exe, target process msedge.exe)
PID 3892 wrote to memory of 720 (pid 3892, process msedge.exe, target process msedge.exe)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\about.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8e0146f8,0x7ffe8e014708,0x7ffe8e014718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9633481676635584414,4286835263832315897,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4008 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 705B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_3892_QYNRAJOJHYDNYIDE